<?php

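session_start();

// Request dispatch inputs.
//   case       - hidden form field selecting the action:
//                1 = profile details, 2 = password, 3 = profile picture.
//   myusername - the account the action is applied to.
//
// NOTE(review): session_start() is called, but nothing in the visible code
// reads $_SESSION. The account name comes straight from the POST body, so the
// profile (case 1) and picture (case 3) sections act on whatever account the
// request names. The name should come from the session set at login instead;
// the session key is not visible here, so confirm it against the login script.
// No anti-CSRF token is checked for any of the three actions either.
//
// Only plain string values are accepted: a missing field or an array value
// (e.g. case[]=1) becomes an empty string instead of raising notices or
// reaching the string functions used further down.
$case = (isset($_POST['case']) && is_string($_POST['case'])) ? $_POST['case'] : '';
$myusername = (isset($_POST['myusername']) && is_string($_POST['myusername'])) ? $_POST['myusername'] : '';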


//
//
//
//
//This section is for changing the profile information
//
//
//
//
//
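if ($case == 1){

    // Connect first: mysql_real_escape_string() needs an open connection, and
    // returns false with a warning when none is available.
    include '../phpFunctions/databaseConnect.php';

    // NOTE(review): the account name is taken from the POST body and no
    // ownership check is visible in this file; confirm the caller is
    // authorised to edit this account before this section runs.
    $profileName = is_string($myusername) ? $myusername : '';

    // Free-text profile fields, each escaped for use inside a quoted SQL
    // string. Missing or non-string values are stored as an empty string.
    $fieldNames = array(
        'email', 'lan', 'fornamn', 'efternamn',
        'telefonnummer', 'adress', 'stad', 'postnummer',
    );
    $safe = array();
    foreach ($fieldNames as $fieldName) {
        $raw = (isset($_POST[$fieldName]) && is_string($_POST[$fieldName])) ? $_POST[$fieldName] : '';
        $safe[$fieldName] = mysql_real_escape_string(stripslashes($raw));
    }

    // The account name goes into the WHERE clause, so it is escaped like every
    // other value; left raw it would be an SQL injection point.
    $safeUsername = mysql_real_escape_string(stripslashes($profileName));

    // Determine if the user wants to share his contact information.
    // A ticked box ("on") is stored as 'no', anything else as 'yes'. The
    // values are quoted strings: bare words (on/no/yes) are undefined
    // constants and a fatal error on PHP 8.
    $showPhone = (isset($_POST['showPhone']) && $_POST['showPhone'] === 'on') ? 'no' : 'yes';
    $showMail = (isset($_POST['showMail']) && $_POST['showMail'] === 'on') ? 'no' : 'yes';

    $query = "UPDATE users SET email = '{$safe['email']}', showEmail = '$showMail', lan = '{$safe['lan']}', "
           . "fornamn = '{$safe['fornamn']}', efternamn = '{$safe['efternamn']}', "
           . "telefonnummer = '{$safe['telefonnummer']}', showPhone = '$showPhone', "
           . "adress = '{$safe['adress']}', stad = '{$safe['stad']}', postnummer = '{$safe['postnummer']}' "
           . "where username ='$safeUsername'";

    // A failed update is logged rather than silently ignored; the redirect
    // below still happens, as before.
    if (mysql_query($query) === false) {
        error_log('editProfile: profile update failed: ' . mysql_error());
    }

    // The name is URL-encoded so it cannot add query parameters or break the
    // header value.
    header('location: ../getProfile/getprofile.php?profileName=' . urlencode($profileName));
}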
//
//
//
//
//This section is for changing the password
//
//
//
//
//
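if ($case == 2){

    include '../phpFunctions/databaseConnect.php';

    // Only plain string values are used; anything else counts as empty.
    $currentPassword = (isset($_POST['losenord']) && is_string($_POST['losenord'])) ? $_POST['losenord'] : '';
    $newPassword = (isset($_POST['nyttlosenord']) && is_string($_POST['nyttlosenord'])) ? $_POST['nyttlosenord'] : '';
    $accountName = is_string($myusername) ? $myusername : '';

    // NOTE(review): passwords are stored as an unsalted Whirlpool digest cut
    // to its first 75 hex characters (the column is said to hold only 75).
    // This is a fast hash, unsuitable for password storage; password_hash()
    // and password_verify() are the appropriate replacement. The format is
    // left unchanged here because the login script, not visible in this file,
    // has to migrate together with it.
    $currentHash = substr(hash('whirlpool', $currentPassword), 0, 75);

    // The digest is hex only, so just the account name needs escaping.
    $safeUsername = mysql_real_escape_string(stripslashes($accountName));

    $sql = "SELECT * FROM users WHERE username='$safeUsername' and password='$currentHash'";
    $result = mysql_query($sql);

    // Exactly one matching row means the current password is correct.
    // A failed query counts as no match instead of raising a warning.
    $count = ($result !== false) ? mysql_num_rows($result) : 0;

    if ($count == 1) {
        // An absent or empty new password leaves the stored one untouched,
        // rather than storing the digest of the empty string.
        if ($newPassword !== '') {
            // Hash the raw value, exactly as the current password is hashed
            // above. Escaping before hashing stored a digest of the escaped
            // text, which the check above can never match again for passwords
            // containing quotes or backslashes.
            // NOTE(review): confirm the login script hashes the raw value too.
            $newHash = substr(hash('whirlpool', $newPassword), 0, 75);
            $query = "UPDATE users SET password = '$newHash' where username ='$safeUsername'";
            if (mysql_query($query) === false) {
                error_log('editProfile: password update failed: ' . mysql_error());
            }
        }
    } else {
        // Stop here: without the exit, the location header sent at the end of
        // the script replaces this one and the failure page is never shown.
        mysql_close();
        header("location:../LogIn/login_fail.php");
        exit;
    }

}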

//
//
//
//
//This section is for changing the profile picture
//
//
//
//
//


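if ($case == 3){

    // Upload failure handler: report the problem and stop the request.
    //
    // Declared before its first use. A function declared inside an if block
    // exists only once execution has passed the declaration, so with the
    // declaration below the checks every failed check ended in an
    // "undefined function" fatal error. The previous body was also empty.
    //
    // $error    - short description of the failure; only fixed strings from
    //             this script are passed in.
    // $location - URL of the upload form. Accepted for compatibility, but not
    //             used for a redirect, because it is built from the
    //             client-supplied Host header.
    // $seconds  - accepted for compatibility, unused.
    function error($error, $location, $seconds = 5)
    {
        if (!headers_sent()) {
            header('HTTP/1.1 400 Bad Request');
            header('Content-Type: text/plain; charset=utf-8');
        }
        echo 'Upload failed: ' . $error;
        exit;
    }

    // "case" is a hidden variable sent with the form; it decides what is
    // changed in the database: case = 1 --> personal details,
    // case = 2 --> password, case = 3 --> picture.

    // NOTE(review): the account name is taken from the POST body and no
    // ownership check is visible in this file; confirm the caller is
    // authorised to edit this account before this section runs.
    $profileName = is_string($myusername) ? $myusername : '';

    // File name of the picture being replaced, as sent by the form.
    $picurl = (isset($_POST['picurl']) && is_string($_POST['picurl'])) ? $_POST['picurl'] : '';

    // current script directory, relative to the document root
    $directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);

    // directory that will receive the uploaded files
    $uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . '../Images/profilePictures/';

    // location of the upload form, handed to error()
    $uploadForm = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'registerForm.php';

    // name of the file field in the HTML form
    $fieldname = 'file';

    // possible PHP upload errors
    $errors = array(1 => 'php.ini max file size exceeded',
                    2 => 'html form max file size exceeded',
                    3 => 'file upload was only partial',
                    4 => 'no file was attached');

    // check the upload form was actually submitted
    if (!isset($_POST['submit'])) {
        error('the upload form is needed', $uploadForm);
    }

    // check for standard uploading errors; a missing or malformed file field
    // is treated as "no file was attached"
    $errorCode = (isset($_FILES[$fieldname]['error']) && is_int($_FILES[$fieldname]['error']))
        ? $_FILES[$fieldname]['error']
        : 4;
    if ($errorCode !== 0) {
        error(isset($errors[$errorCode]) ? $errors[$errorCode] : 'file upload failed', $uploadForm);
    }

    $tmpName = $_FILES[$fieldname]['tmp_name'];

    // check that the file we are working on really was an HTTP upload
    if (!is_uploaded_file($tmpName)) {
        error('not an HTTP upload', $uploadForm);
    }

    // Make sure the upload is an image, and take the stored extension from the
    // detected image type instead of the client-supplied file name. Keeping
    // the client's name let a file that passes getimagesize() be saved as
    // e.g. ".php" inside a web-served directory.
    // Extend this allow-list if other formats are really in use.
    $allowedTypes = array(
        IMAGETYPE_GIF  => '.gif',
        IMAGETYPE_JPEG => '.jpg',
        IMAGETYPE_PNG  => '.png',
    );
    $imageInfo = @getimagesize($tmpName); // warns on unreadable data; false is handled below
    if ($imageInfo === false || !isset($allowedTypes[$imageInfo[2]])) {
        error('only image uploads are allowed', $uploadForm);
    }
    $extension = $allowedTypes[$imageInfo[2]];

    // Server-generated file name: timestamp plus a short content digest.
    // Nothing from $_FILES[...]['name'] ends up on disk or in the SQL below.
    $digest = sha1_file($tmpName);
    if ($digest === false) {
        error('could not read the uploaded file', $uploadForm);
    }
    $digest = substr($digest, 0, 16);

    // keep trying until a vacant file name is found
    $now = time();
    while (file_exists($uploadFilename = $uploadsDirectory . $now . '-' . $digest . $extension)) {
        $now++;
    }
    $imageURL = $now . '-' . $digest . $extension;

    // move the file to its final location under the new file name
    // NOTE(review): the pictures directory should also be configured on the
    // web server so that nothing in it is executed as a script.
    if (!move_uploaded_file($tmpName, $uploadFilename)) {
        error('receiving directory insuffiecient permission', $uploadForm);
    }

    include '../phpFunctions/databaseConnect.php';

    // Values going into SQL are escaped after the connection is open.
    $safeUsername = mysql_real_escape_string(stripslashes($profileName));
    $safeImageURL = mysql_real_escape_string($imageURL);

    // Picture currently recorded for this account, read before it is replaced.
    $storedPicture = '';
    $lookup = mysql_query("SELECT profilepictureURL FROM users WHERE username = '$safeUsername'");
    if ($lookup !== false) {
        $row = mysql_fetch_assoc($lookup);
        if ($row !== false && isset($row['profilepictureURL'])) {
            $storedPicture = (string) $row['profilepictureURL'];
        }
    }

    $query = "UPDATE users SET profilepictureURL = '$safeImageURL' where username ='$safeUsername'";
    $updated = mysql_query($query);
    if ($updated === false) {
        error_log('editProfile: profile picture update failed: ' . mysql_error());
    }

    // Remove the replaced picture. The name sent by the form is reduced to a
    // bare file name and must match what the database recorded for this
    // account, so the request cannot name a file outside the pictures
    // directory or another account's picture.
    $oldPicture = basename($picurl);
    if ($updated !== false && $oldPicture !== '' && $oldPicture === $storedPicture && $oldPicture !== $imageURL) {
        $filename = "../Images/profilePictures/$oldPicture";
        if (is_file($filename)) {
            unlink($filename);
        }
    }
}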




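// Close the database connection opened by the section that ran.
mysql_close();

// Send the browser back to the profile page. The account name comes from the
// request, so it is URL-encoded before it goes into the header; a non-string
// value is sent as an empty name.
header('location: ../getProfile/getprofile.php?profileName=' . urlencode(is_string($myusername) ? $myusername : ''));
exit;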
?>